SLAE: Assignment 7 of 7

Assignment #7:
- Create a custom crypter like the one shown in the course
- Free to use any existing encryption schema like RC4 or AES
- Can use any programming language
=====================================================================

My encoder will use the small but strong encryption algorithm TEA to encode the shellcode. The shellcode is the execve code used in assignment 4:
# execve('/bin/ls') - shellcode size is 25 bytes
shellcode = ("\x31\xc0\x50\x68\x2f\x2f\x6c\x73\x68\x2f\x62\x69\x6e\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd\x80")

Note: I used the following TEA key: [0x90909090, 0x90909090, 0x90909090, 0x90909090]

Note:We test the code works:

Original_shellcode = (
"\x31\xc0\x50\x68\x2f\x2f\x6c\x73"
"\x68\x2f\x62\x69\x6e\x89\xe3\x50"
"\x89\xe2\x53\x89\xe1\xb0\x0b\xcd"
"\x80\x90\x90\x90\x90\x90\x90\x90"
)

Encrypted_shellcode = (
"\xc1\x1a\x6e\xa7\xe9\x30\x33\xbb"
"\x06\x9d\x92\x08\xcd\xa6\xb3\xd6"
"\xe2\xdb\x2c\x9b\xa7\x79\x4a\x94"
"\xa7\x79\x8e\x18\x5f\x6b\xd8\x9d"
)

Note: We test that the program works:

Decrypting Encrypted_shellcode now...
Running decrypted shellcode now...
tea-decrypt.py  tea-encrypt.py

Note: The program correctly executes execve('/bin/ls') and lists the directory structure

Filed under: Exclude from front page SLAE